Articles / Debian

All articles tagged with Debian

November 30, 2012 07:26 Debian: Security update for Exim

0

It was discovered that Exim, a mail transport agent, is not properly handling the decoding of DNS records for DKIM. Specifically, crafted records can yield to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code.

Updated packages are available from security.debian.org.

November 28, 2012 15:22 Debian: Security update for Iceweasel

0

Multiple vulnerabilities have been discovered in Iceweasel, Debian’s version of the Mozilla Firefox web browser. Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Iceweasel does not properly restrict calls to DOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

A Use-after-free vulnerability in the IME State Manager implementation allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. Iceweasel does not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. A use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

A heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function allows remote attackers to execute arbitrary code via unspecified vectors. A use-after-free vulnerability in the nsTextEditRules::WillInsert function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. A heap-based buffer overflow in the nsWav-eReader::DecodeAudioData function allows remote attackers to execute arbitrary code via unspecified vectors.

A heap-based buffer overflow in the Convolve3x3 function allows remote attackers to execute arbitrary code via unspecified vectors.

Updated packages are available from security.debian.org.

November 28, 2012 15:18 Debian: Security update for Tinyproxy

0

gpernot discovered that Tinyproxy, a HTTP proxy, is vulnerable to a denial of service by remote attackers by sending crafted request headers. Updated packages are available from security.debian.org.

November 26, 2012 07:55 Debian: Security update for ViewVC

0

Several vulnerabilities were found in ViewVC, a web interface for CVS and Subversion repositories. Remote attackers can bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks via the limit parameter. The remote SVN views functionality does not properly perform authorization, which allows remote attackers to bypass intended access restrictions.

The SVN revision view does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information. “function name” lines returned by diff are not properly escaped, allowing attackers with commit access to perform cross site scripting.

Updated packages are available from security.debian.org.

November 26, 2012 07:54 Debian: Security update for cups-pk-helper

0

cups-pk-helper, a PolicyKit helper to configure cups with fine-grained privileges, wraps CUPS function calls in an insecure way. This could lead to uploading sensitive data to a cups resource, or overwriting specific files with the content of a cups resource. The user would have to explicitly approve the action.

Updated packages are available from security.debian.org.

November 26, 2012 07:52 Debian: Security update for libtiff

0

It was discovered that a buffer overflow in libtiff’s parsing of files using PixarLog compression could lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

November 26, 2012 07:51 Debian: Security update for BIND

0

It was discovered that BIND, a DNS server, hangs while constructing the additional section of a DNS reply, when certain combinations of resource records are present. This vulnerability affects both recursive and authoritative servers.

Updated packages are available from security.debian.org.

November 23, 2012 10:41 Debian: Security update for libexif

0

Several vulnerabilities were found in libexif, a library used to parse EXIF meta-data on camera files. A heap-based out-of-bounds array read in the exif_entry_get_value function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags. A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8 function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags.

A buffer overflow in the exif_entry_format_value function allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags. A heap-based out-of-bounds array read in the exif_data_load_data function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags. A divide-by-zero error in the mnote_olympus_entry_get_value function while formatting EXIF maker note tags allows remote attackers to cause a denial of service via an image with crafted EXIF tags.

An off-by-one error in the exif_convert_utf16_to_utf8 function allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags. An integer underflow in the exif_entry_get_value function can cause a heap overflow and potentially arbitrary code execution while formatting an EXIF tag, if the function is called with a buffer size parameter equal to zero or one.

Updated packages are available from security.debian.org.

November 12, 2012 08:49 Ubuntu: Security update for the Linux kernel

0

An error was discovered in the Linux kernel’s network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Updated packages are available from security.ubuntu.com.

November 12, 2012 08:48 Debian: Security update for hostapd

0

Timo Warns discovered that the internal authentication server of hostapd, a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, is vulnerable to a buffer overflow when processing fragmented EAP-TLS messages. As a result, an internal overflow checking routine terminates the process. An attacker can abuse this flaw to conduct denial of service attacks via crafted EAP-TLS messages prior to any authentication. Updated packages are available from security.debian.org.

November 12, 2012 08:48 Debian: Security update for bacula

0

It was discovered that bacula, a network backup service, does not properly enforce console ACLs. This could allow information about resources to be dumped by an otherwise-restricted client. Updated packages are available from security.debian.org.

November 12, 2012 08:46 Debian: Security update for Icedove

0

Several vulnerabilities were discovered in Icedove, Debian’s version of the Mozilla Thunderbird mail and news client. This includes several instances of use-after-free and buffer overflow issues. The reported vulnerabilities could lead to the execution of arbitrary code, and additionally to the bypass of content-loading restrictions via the location object. Updated packages are available from security.debian.org.

November 09, 2012 08:29 Debian: Security update for libxslt

0

Nicholas Gregoire and Cris Neckar discovered several memory handling bugs in libxslt, which could lead to denial of service or the execution of arbitrary code if a malformed document is processed.

Updated packages are available from security.debian.org.

November 07, 2012 10:03 Debian: Security update for Tiff

0

Several vulnerabilities were discovered in Tiff, a library set and tools to support the Tag Image File Format (TIFF), allowing denial of service and potential privilege escalation. Updated packages are available from security.debian.org.

November 02, 2012 11:15 Debian: Security update for Iceape

0

Several vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey. The reported vulnerabilities could lead to the execution of arbitrary code or the bypass of content-loading restrictions via the location object. Updated packages are available from security.ubuntu.com.

October 31, 2012 09:28 Debian: Security update for Iceweasel

0

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

Updated packages are available from security.debian.org.

October 31, 2012 09:25 Debian: Security update for ISC DHCP

0

Glen Eustace discovered that the ISC DHCP server, a server for automatic IP address assignment, is not properly handling changes in the expiration times of a lease. An attacker may use this flaw to crash the service and cause denial of service conditions, by reducing the expiration time of an active IPv6 lease.

Updated packages are available from security.debian.org.

October 29, 2012 08:08 Debian: Security update for Asterisk

0

Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation.

Updated packages are available from security.debian.org.

October 24, 2012 07:38 Debian: Security update for devscripts

0

Multiple vulnerabilities have been discovered in devscripts, a set of scripts to make the life of a Debian Package maintainer easier. Raphael Geissert discovered that dscverify does not perform sufficient validation and does not properly escape arguments to external commands, allowing a remote attacker (as when dscverify is used by dget) to execute arbitrary code. Raphael Geissert discovered that dget allows an attacker to delete arbitrary files when processing a specially-crafted .dsc or .changes file, due to insuficient input validation.

Raphael Geissert discovered that dget does not properly escape arguments to external commands when processing .dsc and .changes files, allowing an attacker to execute arbitrary code. Jim Meyering, Red Hat, discovered that annotate-output determines the name of temporary named pipes in a way that allows a local attacker to make it abort, leading to denial of service.

Updated packages are available from security.debian.org.

October 22, 2012 21:24 Debian: Security update for Tor

0

Several vulnerabilities have been discovered in Tor, an online privacy tool. Avoid an uninitialised memory read when reading a vote or consensus document that has an unrecognized flavour name. This could lead to a remote, resulting in denial of service. Try to leak less information about what relays a client is choosing to a side-channel attacker. By providing specially crafted date strings to a victim tor instance, an attacker can cause it to run into an assertion and shut down

Updated packages are available from security.debian.org.

October 19, 2012 11:18 Debian: Security update for BIND

0

It was discovered that BIND, a DNS server, does not handle DNS records properly which approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service. Updated packages are available from security.debian.org.

October 17, 2012 19:38 Debian: Security update for freeradius

0

Timo Warns discovered that the EAP-TLS handling of freeradius, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the daemon or execute arbitrary code via crafted certificates.

Updated packages are available from security.debian.org.

October 15, 2012 05:50 Debian: Security update for QEMU

0

Multiple vulnerabilities have been discovered in qemu, a fast processor emulator. The snapshot mode of QEMU (-snapshot) incorrectly handles temporary files used to store the current state, making it vulnerable to symlink attacks (including arbitrary file overwriting and guest information disclosure) due to a race condition. QEMU does not properly handle VT100 escape sequences when emulating certain devices with a virtual console backend. An attacker within a guest with access to the vulnerable virtual console could overwrite memory of QEMU and escalate privileges to that of the qemu process.

Updated packages are available from security.debian.org.

October 15, 2012 05:48 Debian: Security update for xen

0

Multiple denial of service vulnerabilities have been discovered in xen, an hypervisor. It was discovered that set_debugreg allows writes to reserved bits of the DR7 debug control register on amd64 (x86-64) paravirtualised guests, allowing a guest to crash the host. Matthew Daley discovered that XENMEM_populate_physmap, when called with the MEMF_populate_on_demand flag set, a BUG (detection routine) can be triggered if a translating paging mode is not being used, allowing a guest to crash the host.

Updated packages are available from security.debian.org.

October 15, 2012 05:47 Debian: Security update for Xen Qemu

0

Multiple vulnerabilities have been discovered in the Xen Qemu Device Model virtual machine hardware emulator. The device model for HVM domains does not properly handle VT100 escape sequences when emulating certain devices with a virtual console backend. An attacker within a guest with access to the vulnerable virtual console could overwrite memory of the device model and escalate privileges to that of the device model process. The qemu monitor was enabled by default, allowing administrators of a guest to access resources of the host, possibly escalate privileges or access resources belonging to another guest.

Updated packages are available from security.debian.org.

October 15, 2012 05:45 Debian: Security update for Qemu

0

Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware. The snapshot mode of Qemu (-snapshot) incorrectly handles temporary files used to store the current state, making it vulnerable to symlink attacks (including arbitrary file overwriting and guest information disclosure) due to a race condition. Qemu does not properly handle VT100 escape sequences when emulating certain devices with a virtual console backend. An attacker within a guest with access to the vulnerable virtual console could overwrite memory of Qemu and escalate privileges to that of the qemu process.

Updated packages are available from security.debian.org.

October 15, 2012 05:44 Debian: Security update for Beaker

0

It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode. Updated packages are available from security.debian.org.

October 15, 2012 05:39 Debian: Security update for Mahara

0

Emanuel Bronshtein discovered that Mahara, an electronic portfolio, weblog, and resume builder, contains multiple cross-site scripting vulnerabilities due to missing sanitization and insufficient encoding of user-supplied data. Updated packages are available from security.debian.org.

October 12, 2012 06:58 Debian: Security update for Zabbix

0

It was discovered that Zabbix, a network monitoring solution, does not properly validate user input used as a part of an SQL query. This may allow unauthenticated attackers to execute arbitrary SQL commands (SQL injection) and possibly escalate privileges.

Updated packages are available from security.debian.org.

October 12, 2012 06:49 Debian: Security update for MoinMoin

0

It was discovered that Moin, a Python clone of WikiWiki, incorrectly evaluates ACLs when virtual groups are involved. This may allow certain users to have additional permissions (privilege escalation) or lack expected permissions.

Updated packages are available from security.debian.org.

Screenshot

Project Spotlight

JFreeSVG

A fast, lightweight SVG generator for Java.

Screenshot

Project Spotlight

PHP MIME Mail decoder class

A PHP class to decode email messages.